diff --git a/CVE-2021-41079.patch b/CVE-2021-41079.patch
index 20d1b479c9e496733a41984f467f68634ee1d1bc..219c64b0e1b8821bb020e81c801958aa41038868 100644
--- a/CVE-2021-41079.patch
+++ b/CVE-2021-41079.patch
@@ -4,8 +4,9 @@ Date: Wed, 3 Mar 2021 12:00:46 +0000
 Subject: [PATCH] Improve robustness
 
 ---
- java/org/apache/tomcat/util/net/openssl/LocalStrings.properties | 1 +
- 1 file changed, 1 insertion(+)
+ .../apache/tomcat/util/net/openssl/LocalStrings.properties | 1 +
+ java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java | 6 ++++--
+ 2 files changed, 5 insertions(+), 2 deletions(-)
 
 diff --git a/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties b/java/org/apache/tomcat/util/net/openssl/LocalStrings.properties
 index 1919159..1ab5f43 100644
@@ -19,6 +20,23 @@ index 1919159..1ab5f43 100644
 engine.unsupportedProtocol=Protocol [{0}] is not supported
 engine.unverifiedPeer=Peer unverified
 engine.noSession=SSL session ID not available
+diff --git a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+index 15c6f56..b837fd6 100644
+--- a/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
++++ b/java/org/apache/tomcat/util/net/openssl/OpenSSLEngine.java
+@@ -593,8 +593,10 @@ public final class OpenSSLEngine extends SSLEngine implements SSLUtil.ProtocolIn
+ throw new SSLException(e);
+ }
+ 
+- if (bytesRead == 0) {
+- break;
++ if (bytesRead <= 0) {
++ // This should not be possible. pendingApp is positive
++ // therefore the read should have read at least one byte.
++ throw new IllegalStateException(sm.getString("engine.failedToReadAvailableBytes"));
+ }
+ 
+ bytesProduced += bytesRead;
 
 -- 
-2.23.0
+2.27.0
diff --git a/tomcat.spec b/tomcat.spec
index f1d67ec5f4b254d53cb5e122581017ebc9957b4c..4ed9f22ade44dec40fd523b06971d57eb9618770 100644
--- a/tomcat.spec
+++ b/tomcat.spec
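Review bot: The new guard in the appended OpenSSLEngine hunk throws `IllegalStateException`, an unchecked exception, from inside the read loop, while the neighbouring failure two lines above is reported as a checked `SSLException`; the `SSLEngine` methods this class implements declare `SSLException`, so `throw new SSLException(sm.getString("engine.failedToReadAvailableBytes"));` would send this condition down the same TLS-failure path callers already handle rather than escaping as a generic runtime error whose fate depends on whatever the caller happens to catch. Widening the check to `<= 0` is sound on its own: a negative return previously fell through to `bytesProduced += bytesRead`, and the zero case silently left the loop instead of failing closed. The message key `engine.failedToReadAvailableBytes` has to exist in LocalStrings.properties; the updated diffstat records one insertion there, but the added property line is not visible on this page, so confirm it is present in the patched file. The enclosing method starts and ends outside the hunk.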
@@ -13,7 +13,7 @@ Name: tomcat
 Epoch: 1
 Version: %{major_version}.%{minor_version}.%{micro_version}
-Release: 25
+Release: 26
 Summary: Implementation of the Java Servlet, JavaServer Pages, Java Expression Language and Java WebSocket technologies
 License: ASL 2.0
 URL: http://tomcat.apache.org/
@@ -502,6 +502,9 @@ fi
 %{_javadocdir}/%{name}
 %changelog
+* Mon Apr 25 2022 wangkai - 1:9.0.10-25 - Fix CVE-2022-23181
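Review bot: `Release` is bumped from 25 to 26, but the changelog entry added in the following hunk records the build as `1:9.0.10-25`, the release number this hunk just superseded; it should read `1:9.0.10-26` so rpm tooling pairs the entry with this build. That entry also labels the change `Fix CVE-2022-23181`, whereas the only code change visible on this page is the OpenSSLEngine hunk appended to CVE-2021-41079.patch, and no new patch file or `Patch` tag appears in the diff; presumably either a separate patch is missing or the changelog should name CVE-2021-41079. The changelog hunk itself continues past the end of this page.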